The local root exploit affect kernels 2.6.17-2.6.24.1 despite distribution, and it's not a Slackware issue...
It's a local root and not remote exploit, and don't give full root privileges, can't reboot, halt, add or remove packages for instance but can delete and stop services amongst things and that's a problem.
Of course that all can be done by a user and not someone that has not access to the server, but I believe that an well written web script can do bad things.

The above all tested between SMS 1.3.5 and 1.3.6 native installations.

note: If you boot from SMS.Live.CD-1.3.6 the script will gain root access, but that's because I patched the kernel and not the initrd.gz that boots the liveCD.
If you install it on disk through sms-text-installer you will not have any problems.
I've create although an initrd.gz from the patched kernel too and there will be on SMS.Live.CD-1.3.7

Kernel Patches are available here
If you installed SMS.Live.CD just use livecd.s
Don't forget to run lilo after the installation of the kernel.

You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot edit your posts in this forumYou cannot delete your posts in this forumYou cannot vote in polls in this forumYou can attach files in this forumYou can download files in this forum